On average, over 8,000 new vulnerabilities are discovered in common software and hardware platforms every year. That's over 20 every single day!

Most companies don't have time to keep on top of this – IT managers have a million other things to do and even well-resourced security teams would struggle to strike a balance between tracking remediation activity; providing management reports; responding to incidents, providing advice to the business and monitoring nascent cyber threats. That’s exactly why Intruder runs Emerging Threat Scans – so you don’t have to.

How do they work?

As soon as we identify a new vulnerability that could critically affect your systems, we'll automatically kick-off a scan on all your external targets (license permitting). Please note, you cannot initiate them manually.


Assuming you haven’t disabled notifications, once the scan completes we’ll update you via email, Slack/Microsoft Teams and in the Intruder portal – whether it’s reassuring or cautionary, you’ll always know exactly what to do (and where to go – by clicking 'View').

Email notifications

Slack notification (passed)

Intruder portal notification (pass and fail)

If the Emerging Threat Scan notification has a red lightning bolt icon it means that at least one of your targets "failed" one or more of the checks.

If the lightning bolt is green, it means all included targets passed all checks for that Emerging Threat.

If you click on the notification you'll see a pop up detailing the check title and a brief description, as well as remediation advice and a list of affected target(s) where applicable.

Clicking the boxes above (or view, if you're clicking through from slack or an email) will take you through to the scans detail page, where you have access to more granular detail. (You can also access this page from Scans > Emerging Threats).

Can I see all the ETS that have run?

Yes; just head to Scans > Emerging Threats

Can I find more information about the Emerging Threat?

Yes, if you're on the page shown in the screenshot above, just click the one you're interested in and you'll see a whole host of details:

Why don't the failed checks show on my Issues page?

To provide a fast response time, Emerging Threat Scans are handled differently from our regular scans.

How do I get more information on a failed ETS?

If you'd like more detail than is available on the scans details page, just rescan the affected target(s) and if the issue is still present, it'll appear on your issues page along with all the other details you'd expect to see.

Do Emerging Threat Scans consume licenses?

Yes, they do. An Emerging Threat Scan will run on as many targets as you have licenses; so you have five unscanned targets and five licenses available, then all of those licenses will be assigned and consumed as soon as the ETS runs. Also, if any of your targets are already consuming licenses, then the 30 day license period will be reset in line with the ETS start date/time.

Can I disable them?

Yes, of course. To do that, head to your scans page, hit the cog icon and toggle Emerging Threat Scans to off.

Note: Emerging Threat Scan features are only available for customers on our Pro and Vanguard plans.

Did this answer your question?